[CLUE-Talk] New Virus

[Don Collier]

Hey all.  I just got this one off of cnn's sci-tech web site.  I don't
think that they would print untruth, but I still find it hard to
believe.  Anyone heard of this before?


http://www.cnn.com/2001/TECH/internet/03/28/virus.winux.reut/index.html


SAN FRANCISCO, California (Reuters) -- A computer virus that can infect
PCs running either the ubiquitous Windows operating system or the
increasingly popular Linux operating system emerged on Tuesday, which
its discoverers say is a world first. 

The virus, dubbed "W32.Winux" by the company that first reported it,
anti-virus firm Central Command, is not destructive and does not appear
to have infected any computers yet. 

Still, the virus sets a disturbing precedent. 

"We didn't think this was possible," said Keith Peer, President and
Chief Executive of Medina, Ohio-based Central Command. "It's a real step
forward for virus writers." 

Another anti-virus maker, McAfee.com Corp., said it had not seen the
virus and could not confirm reports of W32.Winux. 

W32.Winux spreads by infecting executable programs that run either on
later versions of Windows from Microsoft Corp. -- including 95, 98, Me,
NT and 2000 -- or the various flavors of Linux, a free operating system
that is gaining ground among techies and businesses. 

Searches for applications
Users can set off the dormant virus by either double-clicking on an
infected program or e-mail attachment. After it is activated, the virus
automatically searches for all nearby Windows or Linux applications of
at least 100 kilobytes in size, which it then proceeds to infect. 

Central Command, which first received the virus via an anonymous e-mail
originating in the Czech Republic early Tuesday afternoon, said a virus
writer named Benny claiming affiliation to a known group of virus
writers called 29A, appears to be the culprit. 

Benny and 29A have been implicated as being behind a number of other
previous viruses that have been considered technically innovative but
not particularly destructive. 

In late 1999, a virus that masqueraded as a fix for the Millennium Bug
made its way around the Internet. The 29A group claimed credit for that
virus, as well as another one emerging last September called "Stream"
that experts said was particularly clever at disguising itself from
anti-virus software. 

Not spreading fast
The W32.Winux virus is written in a primitive computer language called
'assembly language', which is what allows it to infect either Windows or
Linux programs, Peer said. 

With Linux's growing popularity, an increasing number of PC users are
installing both Windows and Linux on the same computer. 

Despite its ability to jump between different operating systems,
W32.Winux is not a fast-spreading virus. 

For one, Peer said that the virus appears to be limited to spreading
only on PCs running Intel Pentium processors -- meaning it could not
spread to Sun Microsystems Inc. servers running Linux. 

And unlike more recent worm-type viruses like Melissa or Love Letter,
W32.Winux cannot automatically e-mail itself to other Internet users
worldwide. 

"It's rather old-fashioned in that way," Peer said. 

While there are thousands of viruses swimming around on Windows
computers worldwide, there are relatively few for Linux -- an estimated
less than 50, Peer said, which he attributed to the lack of virus
writers targeting the Linux operating system.